Chainalysis calculates that despite the rise in ransomware, attackers' revenues have fallen by 40%
Victims who are being ransomed by hackers using ransomware in cryptocurrencies have become less likely to pay, according to a report by analytics firm Chainalysis. Ransomware hackers received $456.8 million in 2022, down 40% from $765.6 million in 2021. However, the authors of the report note that the real amount may be higher, since not all crypto wallets controlled by ransomware hackers can be identified.
Attackers who use ransomware are called crypto-lockers. They usually choose victims among organizations with a developed computer network. Hackers block it using specialized software and demand a ransom from the organization for opening access.
However, the number of malicious programs used by attackers has increased markedly. The report says cybersecurity firm Fortinet identified 10.6k new software options in the first half of 2022, compared to just 5.4k in the same period of 2021. But not all programs bring significant benefits to attackers: the lion’s share of ransomware revenue comes from a small group of viruses, analysts found out.
Victims are becoming less willing to pay, Chainalysis says, citing cybersecurity firm Coveware. Since 2019, the percentage of victims paying ransoms has gradually decreased from 76% to 41%, according to Coveware. One explanation for this drop could be a recommendation from the US Office of Foreign Assets Control (OFAC), which warned companies in September 2021 that they could violate sanctions if they paid hackers.
Another reason could be that insurers have gotten worse at covering the losses of customers paying ransoms to hackers and are now pushing for stronger security measures to prevent attacks, the report says.
In 2021 and 2022, hackers used the Maui virus to encrypt the files and servers of several US medical centers. Hospitals were unable to access their data for several days, after which they paid $100,000 and $120,000 in bitcoin ransoms to restore the information system.
The FBI identified the hackers and in May 2022 seized the contents of two cryptocurrency accounts that received funds from Kansas and Colorado hospitals. The US Department of Justice announced that the funds will be returned to medical facilities.